Update docker-compose.yml

docker-compose.yml

@@ -1,50 +1,65 @@
-volumes:
+version: "3.8"
-  etc_wireguard:
 
 services:
   wg-easy:
+    image: ghcr.io/wg-easy/wg-easy
+    container_name: wg-easy
+    hostname: wg-easy
     environment:
-      # Change Language:
+      # ⚠️ Required: Change this to your host's public address (clients will connect to this hostname):
+      - WG_HOST=wg-easy.myhomelab.com
+
+      # ⚠️ Required: Set the Web UI Password Hash:
+      # Generate the bcrypt hash from: https://bcrypt-generator.com/
+      - PASSWORD_HASH=$2a$10$exampleHashHere # Replace with your actual bcrypt hash
+
+      # Optional: Set the language for the Web UI (default: en):
       # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si)
       - LANG=en
-      # ⚠️ Required:
-      # Change this to your host's public address
-      - WG_HOST=raspberrypi.local
 
-      # Optional:
+      # Optional: Customize ports and network configuration
-      # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
-      # - PORT=51821
       # - WG_PORT=51820
       # - WG_CONFIG_PORT=92820
       # - WG_DEFAULT_ADDRESS=10.8.0.x
       # - WG_DEFAULT_DNS=1.1.1.1
       # - WG_MTU=1420
-      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
+      # - WG_ALLOWED_IPS=192.168.15.0/24,10.0.1.0/24
       # - WG_PERSISTENT_KEEPALIVE=25
       # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
       # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
       # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
       # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
-      # - UI_TRAFFIC_STATS=true
-      # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
       # - WG_ENABLE_ONE_TIME_LINKS=true
-      # - UI_ENABLE_SORT_CLIENTS=true
       # - WG_ENABLE_EXPIRES_TIME=true
+
+      # Optional: Enable traffic stats in the UI
+      # - UI_TRAFFIC_STATS=true
+      # - UI_CHART_TYPE=0 # (0=Charts disabled, 1=Line chart, 2=Area chart, 3=Bar chart)
+
+      # Optional: Enable Prometheus metrics (disable by default)
       # - ENABLE_PROMETHEUS_METRICS=false
-      # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
+      # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$examplePrometheusHash # Double $$ for bcrypt password
 
-    image: ghcr.io/wg-easy/wg-easy
-    container_name: wg-easy
     volumes:
-      - etc_wireguard:/etc/wireguard
+      - ~/.wg-easy:/etc/wireguard
     ports:
       - "51820:51820/udp"
-      - "51821:51821/tcp"
     restart: unless-stopped
     cap_add:
       - NET_ADMIN
       - SYS_MODULE
-      # - NET_RAW # ⚠️ Uncomment if using Podman
     sysctls:
       - net.ipv4.ip_forward=1
       - net.ipv4.conf.all.src_valid_mark=1
+
+  nginx:
+    image: weejewel/nginx-with-certbot
+    container_name: nginx
+    hostname: nginx
+    volumes:
+      - ~/.nginx/servers/:/etc/nginx/servers/
+      - ./.nginx/letsencrypt/:/etc/letsencrypt/
+    ports:
+      - "80:80/tcp"
+      - "443:443/tcp"
+    restart: unless-stopped